[kmail2] [Bug 439958] X-Face can break cryptographic signatures

Sandro Knauß bugzilla_noreply at kde.org
Mon Sep 27 15:09:24 BST 2021


https://bugs.kde.org/show_bug.cgi?id=439958

--- Comment #16 from Sandro Knauß <sknauss at kde.org> ---
(In reply to David C. Bryant from comment #14)
> (In reply to Sandro Knauß from comment #13)
> > I can confirm it [snip ...]
> > 
> > @David: can you check, if you get proper signatures, if you disable the
> > picture (X-Face)? (Picture tab of the Identity).
> 
> Yes, Sandro, signatures work fine with X-Face disabled. See the screenshot
> I'm adding as an attachment to this bug report today. I am using the same
> picture as was in the X-Face header as my gravatar (see discussion below).
> So the message appears the same (to me) both with and without embedded
> X-Face headers (except that X-Face breaks the crypto signature). 

Okay, then I have to look into why the X-Face header sometimes breaks the
signature. It needs to be any modification after the signature is done. The
X-Face header has multiple lines in autosave files. So I expect that somehow
the newlines get stripped out after the signature is created.

> A friend referred me to this web page:
> https://datatracker.ietf.org/doc/html/draft-autocrypt-lamps-protected-headers-02
> and raised the question "should the X-Face header be a protected
> header?" I'm not real sure of the answer. Personally, I don't care if
> somebody views the wrong picture in a signed message I send. Integrity of
> the text message is all I really care about. Others might feel differently,
> though.

Well, the X-Face header is for sure a non-structural header, and the RFC tells us
to copy ALL non-structural headers that are known when composing the mail.

https://datatracker.ietf.org/doc/html/draft-autocrypt-lamps-protected-headers-02#section-4.1

-- 
You are receiving this mail because:
You are the assignee for the bug.
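
The failure mode suspected in this comment, as an added example that is not part of the original message and is not KMail's code: if a folded X-Face header is copied into the signed part and its line breaks are removed after signing, the signed bytes change even though the header's logical value does not. The sample part is constructed, SHA-256 stands in for the hash a signature would cover, and all function names are hypothetical.

```python
import hashlib
import re

CRLF = b"\r\n"
# Constructed sample: a MIME part as it would be signed, carrying a copy of
# the X-Face header folded over several lines (placeholder data, not a face).
SIGNED_PART = CRLF.join([
    b"Content-Type: text/plain; charset=utf-8",
    b"Subject: test",
    b"X-Face: AAAAAAAAAAAAAAAAAAAAAAAA",
    b" BBBBBBBBBBBBBBBBBBBBBBBB",
    b" CCCCCCCCCCCCCCCCCCCCCCCC",
    b"",
    b"Hello, this is the signed body.",
    b"",
])

def digest(part: bytes) -> str:
    """Assumption: stand-in for the signature, the hash it would be made over."""
    return hashlib.sha256(part).hexdigest()

def split_part(part: bytes):
    """Split a part into (header block, body) at the first empty line."""
    head, _, body = part.partition(CRLF + CRLF)
    return head, body

def unfold(head: bytes) -> bytes:
    """RFC 5322 unfolding: drop each CRLF that is followed by space or tab."""
    return re.sub(rb"\r\n(?=[ \t])", b"", head)

def strip_folding(part: bytes) -> bytes:
    """Simulate a post-signing step that rewrites folded headers on one line."""
    head, body = split_part(part)
    return unfold(head) + CRLF + CRLF + body

def raw_headers(head: bytes) -> dict:
    """Map lower-cased header name -> raw field bytes, folding included."""
    fields = re.split(rb"\r\n(?![ \t])", head)
    return {f.split(b":", 1)[0].lower(): f for f in fields if f}

def refolded_headers(signed: bytes, received: bytes) -> list:
    """Headers whose logical value is equal but whose raw bytes differ."""
    a = raw_headers(split_part(signed)[0])
    b = raw_headers(split_part(received)[0])
    return sorted(n.decode() for n in a.keys() & b.keys()
                  if a[n] != b[n] and unfold(a[n]) == unfold(b[n]))

RECEIVED_PART = strip_folding(SIGNED_PART)
```

Comparing `digest(SIGNED_PART)` with `digest(RECEIVED_PART)` shows the mismatch, and `refolded_headers` names the header whose wrapping changed, which is the comparison to run between an autosave copy and the message as sent.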

